Open Access
submit Opinions CrossRef Open Access Subscribe New Journal Ideal

Click on image to enlarge

Indexed in Scopus

Journal of Cyber Security and Mobility

Editors-in-Chief:
Ashutosh Dutta, Johns Hopkins University, USA
Ruby Lee, Princeton University, USA
Neeli R. Prasad, International Technological University, San Jose, USA
Wojciech Mazurczyk, Warsaw University of Technology, Poland

Associate Editor:
Debdeep Mukhopadhyay, Indian Institute of Technology Kharagpur, India


ISSN: 2245-1439 (Print Version),

ISSN: 2245-4578 (Online Version)
Vol: 4   Issue: Combined Issue 2 & 3

Published In:   April/July 2015

Publication Frequency: Quarterly


Search Available Volume and Issue for Journal of Cyber Security and Mobility


Journal Description        Editorial Foreword        Read Full Articles        Editorial Board        Subscription        Indexed       Opinions

On the use of machine learning for identifying botnet network traffic

doi: 10.13052/jcsm2245-1439.421
Matija Stevanovic and Jens Myrup Pedersen

Wireless Communication Networks Section, Department of Electronic Systems Aalborg University, Aalborg, Denmark

Abstract: [+]    |    Download File [ 303KB ]    |   Read Article Online

Abstract: During the last decade significant scientific efforts have been invested in the development of methods that could provide efficient and effective botnet detection. As a result, an array of detection methods based on diverse technical principles and targeting various aspects of botnet phenomena have been defined. As botnets rely on the Internet for both communicating with the attacker as well as for implementing different attack campaigns, network traffic analysis is one of the main means of identifying their existence. In addition to relying on traffic analysis for botnet detection, many contemporary approaches use machine learning techniques for identifying malicious traffic.

This paper presents a survey of contemporary botnet detection methods that rely on machine learning for identifying botnet network traffic. The paper provides a comprehensive overview on the existing scientific work thus contributing to the better understanding of capabilities, limitations and opportunities of using machine learning for identifying botnet traffic. Furthermore, the paper outlines possibilities for the future development of machine learning-based botnet detection systems.

Keywords: Botnet detection, State of the art, Comparative analysis, Traffic analysis, Machine learning

Practical Attacks on Security and Privacy Through a Low-Cost Android Device

doi: 10.13052/jcsm2245-1439.422
Greig Paul and James Irvine

University of Strathclyde Department of Electronic & Electrical Engineering Glasgow, United Kingdom

Abstract: [+]    |    Download File [ 948KB ]    |   Read Article Online

Abstract: As adoption of smartphones and tablets increases, and budget device offerings become increasingly affordable, the vision of bringing universal connectivity to the developing world is becoming more and more viable. Nonetheless, it is important to consider the diverse use-cases for smartphones and tablets today, particularly where a user may only have access to a single connected device. In many regions, banking and other important services can be accessed from mobile connected devices, expanding the reach of these services. This paper highlights the practical risks of one such lowcost computing device, highlighting the ease with which a very recent (manufacturered September 2015) Android-based internet tablet, designed for the developing world, can be completely compromised by an attacker. The weaknesses identified allow an attacker to gain full root access and persistent malicious code execution capabilities. We consider the implications of these attacks, and the ease with which these attacks may be carried out, and highlight the difficulty in effectively mitigating these weaknesses as a user, even on a recently manufactured device.

Keywords: Security, Privacy, Android, Exploit, Physical Access

Comparative Investigation of ARP Poisoning mitigation techniques using Standard Testbed for Wireless Networks

doi: 10.13052/jcsm2245-1439.423
Goldendeep Kaur and Jyoteesh Malhotra

Computer Science and Engineering Department, Guru Nanak Dev University, Regional Campus, Jalandhar, India

Abstract: [+]    |    Download File [ 3991KB ]    |   Read Article Online

Abstract: Due to the increasing demand of wireless networks, there is an increasing necessity for security as well. This is because unlike wired networks, wireless networks can be easily hacked form outside the building if proper security measures are not in place as wireless networks make use of radio waves and radio waves can leak outside of building at distances up to 300 feet or more. So everything we do on our network can be monitored by anyone who has wireless capabilities. This unauthorized access can be used as an essence by the hacker to launch various kinds of attacks like man-in-the-middle attacks, denial of service attacks, IP spoofing etc. As a result in addition to the firewalls, password protection techniques, virus detectors etc, additional levels of security is needed to secure the wireless networks. This paper focuses on comparing various techniques that are used to protect the users from these attacks by providing practical observations based on the network parameters time and scalability and also highlighted the best method in the end to combat the attacks at a superior level.

Keywords: ARP Cache, Snort, Wireshark, SSLstrip, Ettercap.

Information Security Risk Assessment of Smartphones using Bayesian Networks

doi: 10.13052/jcsm2245-1439.424
Kristian Herland, Heikki Hämmäinen and Pekka Kekolahti

Aalto University, School of Electrical Engineering, Department of Communications and Networking, Espoo, Finland

Abstract: [+]    |    Download File [ 4282KB ]    |   Read Article Online

Abstract: This study comprises an information security risk assessment of smartphone use in Finland using Bayesian networks. The primary research method is a knowledge-based approach to build a causal Bayesian network model of information security risks and consequences. The risks, consequences, probabilities and impacts are identified from domain experts in a 2-stage interview process with 8 experts as well as from existing research and statistics. This information is then used to construct a Bayesian network model which lends itself to different use cases such as sensitivity and scenario analysis. The identified risks’ probabilities follow a long tail wherein the most probable risks include unintentional data disclosure, failures of device or network, shoulder surfing or eavesdropping and loss or theft of device. Experts believe that almost 50 % of users share more information to other parties through their smartphones than they acknowledge or would be willing to share. This study contains several implications for consumers as well as indicates a clear need for increasing security awareness among smartphone users.

Keywords:

Digital Forensic Investigations: Issues of Intangibility, Complications and Inconsistencies in Cyber-crimes

doi: 10.13052/jcsm2245-1439.425
Ezer Osei Yeboah-Boateng1 and Elvis Akwa-Bonsu2

1Ghana Technology University College (GTUC)
2Detectware Limited, Ghana

Abstract: [+]    |    Download File [ 4966KB ]    |   Read Article Online

Abstract: The use of the Internet and computing resources as vital business tools continue to gain prominence day-by-day. Computing resources are utilized to create innovative and value-added products and services. Associated with this trend is the extent of cyber-crimes committed against or using computers. Experts anticipate that the extent and severity of cyber-attacks have increased in recent times and are likely to explode, unless some mitigation measures are instituted to curb the menace. As a response to the growth of cyber-crimes, the field of digital forensics has emerged.

Digital forensic investigations have evolved with the passage of time and it’s impacted by many externalities. A number of key challenges ought to be addressed, such as the intangibility, complications and inconsistencies associated with the investigations and presentation of prosecutorial artefacts. The digital evidence is usually intangible in nature, such as an electronic pulse or magnetic charge. The question is how can the intangibility of computer crime complicate the digital forensic investigations? To what extent can inconsistencies during the investigation mar the permissibility or admissibility of the evidence?

This study is an experimentally exploratory set-up with virtual systems subjected to some malware exploits. Using live response tools, we collected data and analyzed the payloads and the infected systems. Utilizing triage information, memory and disk images were collected for analysis. We also carried out reverse engineering to decompose the payload.

The study unearthed the digital truth about malwares and cyber-criminal activities, whilst benchmarking with standard procedures for presenting court admissible digital evidence. The timelines of activities on infected systems were reconstructed. The study demonstrated that externalities of intangibility, complications and inconsistencies can easily mar digital forensic investigations or even bring the entire process to an abrupt end. Further studies would be carried out to demonstrate other ways perpetrators use in concealing valuable digital evidence in a cyber-crime.

Keywords: Digital Forensic Investigation, Cyber-crime, Digital evidence, Artefacts, Malwares, Payload

Factors Influencing the Continuance Use of Mobile Social Media: The effect of Privacy Concerns

doi: 10.13052/jcsm2245-1439.426
Kwame Simpe Ofori1, Otu Larbi-Siaw1,2, Eli Fianu2, Richard Eddie Gladjah3 and Ezer Osei Yeboah Boateng 2

1SMC University, Switzerland
2Ghana Technology University College, Ghana
3Ho Polytechnic, Ghana

Abstract: [+]    |    Download File [ 1180KB ]    |   Read Article Online

Abstract: With over 800 million active Whatsapp users, Mobile Social Networks (MSNs) have become one of the most vital means of social interactions, such as forming relationships and sharing information, sharing personal experiences. The mass adoption of MSN raises concerns about privacy and the risk of losing one’s personal information due to personal data shared online. This paper sought to examine the role of Privacy Concerns in the continuance use of Mobile Social Media. The Effects of factors such as Perceived Ease of Use, Perceived Usefulness and Perceived Risk and Perceived Enjoyments on Satisfaction and Continuance intention were also explored. Survey data was collected from 262 students in Ghana Technology University College and analysed using the Partial Least Square approach to Structural Equation Modelling with the use of SmartPLS software. Results from the analysis showed that Perceived Usefulness, Perceived Risk and Perceived Enjoyment were significant predictors of Satisfaction. Satisfaction in turn was found to be a significant predictor of Continuance Intention. Satisfaction also mediated the paths between Perceived Risk, Privacy Concern and Continuance Intention. The results are discussed and practical implications drawn.

Keywords: Mobile Social Media Network, Privacy Concerns, Perceived Risk, Continuance Use

Confidentiality in Online Social Networks; ATrust-based Approach

doi: 10.13052/jcsm2245-1439.427
Vedashree K. Takalkar and Parikshit N. Mahalle

Smt. Kashibai Navale college of Engineering, Savitribai Phule Pune University, Pune, Maharashtra, India

Abstract: [+]    |    Download File [ 1468KB ]    |   Read Article Online

Abstract: Considering the growing popularity of the Online Social Networks, achieving data confidentiality from user’s perspective has turned out to be a vital issue. A system using trust can provide access control for the data uploaded by the owner on the social network. The paper discusses various metrics to calculate the trust and evaluation of trust score to determine the trust an owner has with the friends in her social network. Also the paper proposes the architecture that will build this trust evaluation system. Hence, the data will be seen by the friends who are trusted and the motive to achieve data confidentiality is achieved using trust-based access control scheme. The paper also discusses the Trust Rule to achieve access control of the data. To the best of our knowledge, this is the first proposal that calculates trust based on experience, context information and interaction.

Keywords: Online Social Network, trust, trust score, access control, data confidentiality.

River Publishers: Journal of Cyber Security and Mobility